The card networks are not fighting over who processes the payment. They are fighting over who defines the rules when AI agents spend your money.

On March 5, 2026, Mastercard quietly did something that may matter more than any product launch in payments this year. It open-sourced a specification called Verifiable Intent, a cryptographic framework that links a consumer's identity, their specific instructions, and the outcome of an AI-initiated transaction into a single, tamper-resistant record. Think of it as a digital receipt for what you told your agent to do, what the agent actually did, and proof that the two match.

The announcement landed alongside commitments from Google, Fiserv, IBM, Checkout.com, Basis Theory, and Getnet. It is designed to interoperate with Google's Universal Commerce Protocol, OpenAI's Agentic Commerce Protocol, and the emerging Agent Payments Protocol (AP2). And it addresses what we believe is the single largest unsolved problem in agentic commerce: not whether AI agents can buy things, but whether anyone can prove they were supposed to.

"As autonomy increases, trust cannot be implied. It must be proven," Pablo Fourez, Chief Digital Officer at Mastercard, told PYMNTS. "And if something goes wrong, everyone needs facts, not guesswork."

The agentic commerce ecosystem has spent the last 18 months building infrastructure at remarkable speed. Visa launched its Trusted Agent Protocol in October 2025, an open framework for merchants to distinguish legitimate AI agents from bots. Mastercard shipped Agent Pay in April 2025, introducing agentic tokens, dynamic digital credentials that allow AI agents to transact on a consumer's behalf using the same tokenisation technology that secures mobile payments. Google announced the Universal Commerce Protocol at NRF in January 2026, covering the full shopping lifecycle from discovery to post-purchase. OpenAI and Stripe co-developed the Agentic Commerce Protocol, powering Instant Checkout in ChatGPT with over a million Shopify merchants coming online.

Every one of these initiatives solves a real problem. Authentication. Tokenisation. Discovery. Checkout. But none of them solved the trust problem that sits underneath all of it.

Consider the scenario. Your AI agent books a flight, reserves a hotel, and purchases travel insurance. Two weeks later, you dispute the insurance charge, claiming you never authorised it. The merchant says the agent completed the purchase with valid credentials. The card issuer has a tokenised transaction record. The agent platform has a session log. But nobody has a cryptographic, tamper-resistant record of what you actually told the agent to do, what constraints you set, and whether the agent operated within them.This is not a hypothetical edge case. Bain & Company research found that only 24 percent of US consumers feel comfortable using AI to complete purchases today, with security and privacy topping the list of concerns. Just 10 percent have actually bought something through an AI agent. And the overwhelming majority of those purchases were small-ticket items, groceries and household goods, where the downside risk of a mistake is negligible.

The trust deficit is the bottleneck. Not the technology.

Verifiable Intent is built on standards from the FIDO Alliance, EMVCo, IETF, and W3C. The technical architecture does three things.

First, it captures consumer intent at the point of delegation. When you tell your agent to book a flight under $500 on a specific date with a preferred airline, Verifiable Intent creates a structured, signed record of those instructions, including constraints like spending limits, merchant categories, and time windows. This is the "intent object."

Second, it links that intent object to the transaction outcome. When the agent completes a purchase, the system generates a cryptographic binding between what was authorised and what was executed. If the agent booked a $480 flight on the right date with the right airline, the record confirms alignment. If the agent booked a $750 flight on a different date, the mismatch is visible and verifiable.

Third, it uses a mechanism called Selective Disclosure to share only the minimum information each party needs. The merchant sees enough to confirm the transaction was authorised. The issuer sees enough to adjudicate a dispute. The agent platform sees enough to verify compliance. But no single party sees the complete picture. This is not just privacy engineering. It is a deliberate design choice that prevents any single actor in the chain from accumulating a comprehensive profile of consumer behaviour and preferences.

The specification is being open-sourced on GitHub, meaning any payment processor, agent platform, or merchant can implement it without licensing from Mastercard. In the coming months, Verifiable Intent will be integrated into Mastercard Agent Pay's intent APIs, giving the existing partner ecosystem a direct path to adoption.

To understand where Verifiable Intent fits, you need to see the broader architecture that is forming around agentic commerce. Three protocols are emerging, each solving a different part of the stack.

Google's Universal Commerce Protocol covers the full shopping lifecycle. Announced at NRF 2026 and already supported by Etsy, Target, Walmart, Wayfair, and millions of Shopify merchants, UCP handles product discovery, consideration, purchase, and post-purchase management. It is protocol-agnostic, supporting REST APIs, the Agent-to-Agent protocol (A2A), and the Model Context Protocol (MCP). It is, in effect, the rails for how agents find things and buy them.OpenAI's Agentic Commerce Protocol, co-developed with Stripe, focuses on the checkout layer. It powers Instant Checkout in ChatGPT and is designed to be merchant-friendly, requiring as little as one line of code for Stripe merchants. It uses Stripe's Shared Payment Token for delegated payments, allowing merchants to accept agentic payments without changing their existing payment processor.

Mastercard's Verifiable Intent operates at a different layer entirely. It does not compete with UCP or ACP. It complements them. UCP and ACP answer the question "how does an agent buy something?" Verifiable Intent answers the question "how do we prove the agent was supposed to buy that specific thing?"

This layering is deliberate. Stavan Parikh, VP and General Manager of Payments at Google, described Verifiable Intent as "a natural accelerator for scaling agentic commerce" that is "compatible with Agent Payments Protocol," according to PYMNTS.

Visa is not standing still. Its Trusted Agent Protocol, launched in October 2025 with more than 100 partners, provides agent authentication and anti-fraud infrastructure using cryptographic signatures at the agent level. Visa completed hundreds of real-world agent-initiated transactions in controlled environments through 2025 and is targeting mainstream agentic commerce by the 2026 holiday season.

But Visa's approach and Mastercard's approach are solving different problems, and the distinction matters.

Visa's Trusted Agent Protocol answers: "Is this a legitimate agent?" It verifies agent identity, distinguishes real agents from bots, and provides merchants with confidence that the entity initiating a transaction is authorised to do so. This is essential infrastructure. Without it, agentic commerce is a fraud playground.

Mastercard's Verifiable Intent answers a different question: "Did this legitimate agent do what the human actually asked it to do?" Agent authentication tells you the agent is real. Verifiable Intent tells you the agent followed instructions. Both are necessary. Neither is sufficient alone.

The competitive dynamics here are subtle. Fiserv, the largest merchant acquirer in the United States, is partnering with both networks simultaneously. It is integrating Mastercard Agent Pay into its merchant infrastructure, including the Clover point-of-sale platform, while also supporting Visa's Trusted Agent Protocol. As Sanjay Saraf, Senior VP at Fiserv, told PYMNTS, the company is working to "establish the foundation for secure, intelligent and interoperable agentic commerce experiences."

Fiserv's multi-network strategy tells you something important about the market's expectations. Nobody believes one protocol will dominate. The winning outcome is interoperability. And interoperability requires a shared trust layer, which is exactly what Verifiable Intent is designed to be.

The theory is compelling. The question is whether it works in practice. The early evidence is encouraging.On March 6, 2026, Mastercard announced the completion of its first authenticated agentic transactions in Malaysia, working with CIMB, Maybank, and RHB. The pilot used CardInfoLink's AI agent to book a ride from Kuala Lumpur International Airport to KL Sentral through hoppa, a global mobility provider. Each transaction used a Mastercard Agentic Token, with consumer consent captured explicitly and purchase confirmation secured via Mastercard Payment Passkeys.

In Europe, Santander and Mastercard completed what they described as the continent's first live end-to-end payment executed by an AI agent, using the Agent Pay framework.

Meanwhile, OpenAI integrated Mastercard Agent Pay and Agentic Tokens into ChatGPT's Instant Checkout, and PayPal announced it would integrate Agent Pay into its wallet, allowing AI agents to complete transactions on behalf of PayPal users.

These are not proof-of-concept demos. These are live transactions on production rails, with real banks, real merchants, and real consumer credentials. The infrastructure is moving from specification to implementation faster than most of the industry expected.

For anyone who has worked in merchant acquiring, and we should disclose that Major Matters' perspective here is informed by time spent at Fiserv, the Fiserv integration deserves particular attention.

Fiserv processes more merchant transactions in the United States than any other acquirer. Its Clover platform serves millions of small and medium-sized businesses. When Fiserv integrates a new capability into its merchant acceptance infrastructure, it does not reach a handful of early adopters. It reaches the long tail of American commerce.

The Fiserv-Mastercard integration means that AI-initiated transactions will flow through the same authorisation, settlement, and reconciliation systems merchants already use, including those embedded in Clover. Merchants will not need to build custom logic to manage AI agent behaviour. Network tokenisation replaces card numbers with network-issued tokens. Authentication mechanisms distinguish authorised agents from malicious automation. And the entire flow sits within existing card network rails.

This is important because the biggest risk to agentic commerce is not that the technology does not work. It is that merchants cannot or will not adopt it. If agent-initiated transactions require merchants to deploy new infrastructure, integrate new APIs, and manage new reconciliation flows, adoption will be slow, expensive, and concentrated among large enterprises. The Fiserv integration removes that barrier for the merchant segment that makes up the vast majority of US commerce by volume: the businesses running on Clover and Fiserv's existing stack.

Step back and consider what Verifiable Intent represents at a structural level.For decades, payment networks have operated on a simple model: they verify that you have the money and that you authorised the movement of that money. The "you" in that sentence was always a human. The authorisation was always a direct action, a PIN, a signature, a biometric, a tap.

Agentic commerce breaks that model. The entity initiating the transaction is not the human. It is an agent acting on the human's behalf, potentially hours or days after the human gave instructions, in a context the human may not have specifically anticipated. The authorisation is not a direct action. It is a delegation. And delegations are inherently more complex, more ambiguous, and more disputable than direct actions.

What Mastercard has done with Verifiable Intent is create a new financial primitive: the cryptographic intent record. It is not a payment instrument. It is not an authentication method. It is a proof layer that sits between human intent and machine action, creating a verifiable chain of accountability that did not previously exist.

This matters because the disputes are coming. As agentic commerce scales from small-ticket grocery orders to flight bookings, insurance purchases, and enterprise procurement, the dollar values at stake will rise, and so will the frequency and complexity of disputes. The Bain research showing that 50 percent of consumers are cautious about fully autonomous purchases is not irrational fear. It is a rational response to the absence of clear accountability when something goes wrong.

Verifiable Intent does not eliminate the risk of agents making mistakes. It creates a framework for determining who is responsible when they do.

The next 12 months will determine whether Verifiable Intent becomes the shared trust standard for agentic commerce or one of several competing frameworks. Here is what we are tracking.

GitHub adoption. The specification is being open-sourced. The speed at which agent platforms, payment processors, and merchants implement it will signal whether the market sees it as genuinely useful infrastructure or a Mastercard branding exercise.

Visa's response. Visa has not announced an equivalent intent-verification layer. It may build one, adopt Verifiable Intent as a complementary standard, or argue that its Trusted Agent Protocol already covers sufficient ground. How Visa responds will shape whether the trust layer becomes interoperable or fragmented.

Dispute volumes. As more agentic transactions go live, the first wave of consumer disputes will test whether Verifiable Intent records actually hold up in adjudication. The specification is elegant in theory. Chargeback departments will determine whether it works in practice.

Regulatory interest. The EU AI Act is beginning to classify AI systems by risk level. Agentic commerce systems that handle financial transactions may face specific transparency and accountability requirements. A pre-existing, standards-based intent verification framework could become a compliance asset.

Enterprise procurement. The 43 percent of CFOs who told PYMNTS Intelligence they expect high impact from agentic AI in budget reallocation are not thinking about consumer grocery orders. They are thinking about autonomous procurement at scale, where verifiable intent is not a nice-to-have but a fiduciary requirement.

Fourez said it plainly: "In this new payments paradigm, trust becomes the product."

He is right. And for the first time, someone has shipped a specification for what trust actually looks like when the buyer is not a human.